package com.qfedu.yige.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    //密码加密器
    @Bean
    public PasswordEncoder passwordEncoder(){
        return  new BCryptPasswordEncoder();
    }


    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        //禁用security生成的资源   最前面
        http.csrf().disable();

        //403错误状态码，跳转到指定的页面
        http.exceptionHandling().accessDeniedPage("/403.html");

        //配置登录表单
        http.formLogin()
                //自定义的登录页面
                .loginPage("/login.html")
                //登陆的接口url
                .loginProcessingUrl("/user/login")
                //默认登录成功跳转的路径
                .defaultSuccessUrl("/home.html")
                //登录失败跳转的页面
                .failureUrl("/error.html")
                //全部允许
                .permitAll();

        //自定义不拦截的规则  优先级较高
        http.authorizeRequests()
                //指定资源路径   首页、注册、登录
                //.antMatchers("/js/**", "/css/**","/img/**","/images/**","/plugins/**","/error.html","/403.html","/project/findAll")
                .antMatchers("/**")
                //放行
                .permitAll();

    /*    //配置角色访问信息
        http.authorizeRequests()
                //匹配的资源
                .antMatchers("/student/**")
                //具备指定的角色信息
//                        .hasRole("xiaoban");
                //具备指定的任意一个角色
                .hasAnyRole("xiaoban", "jiangshi", "xiaozhang");

        http.authorizeRequests()
                //匹配的资源
                .antMatchers("/person/**")
                // 用于指定的ip  设置白名单
//                .hasIpAddress()
                //具备指定的权限信息
//                        .hasAuthority("add");
                //具备指定的任意一个权限信息
                .hasAnyAuthority("add", "update", "delete");*/

        //退出登录功能   （登出）
        http.logout()
                //登出的url
                .logoutUrl("/user/logout")
                //登出成功之后跳转的路径
                .logoutSuccessUrl("/login.html")
                //销毁session
                .invalidateHttpSession(true)
                //删除指定的cookie
                .deleteCookies("JSESSIONID");


/*        //指定的路径可以是匿名访问的
//        http.authorizeRequests().antMatchers("/teacher/delete").anonymous();
        //denyAll 都没有权限
        http.authorizeRequests().antMatchers("/aa.html").denyAll();*/
        //任意的请求都需要经过认证授权
        http.authorizeRequests().anyRequest().authenticated();  //写在最后面

        //支持iframe
        http.headers().frameOptions().sameOrigin();



        return http.build();
    }
}
